Skip to content

Stoppering GMail’s default security problem

This article was been published more than a year ago. The information may be outdated.

At this year’s DefCon, a security problem inherent to the default settings in GMail was unveiled. The problem is that, by default, GMail does not use encrypted sessions.
 
This can be a problem if you use public computers, because the session key might be retrievable. With the session key in hand, access is apparently simple enough to gain.
 
Luckily, this is simply corrected. Here’s how:
 

  • Log in to GMail
  • Go to “settings”
  • In the General tab, find the “Browser connection” setting
  • Set it like so:
  • Always use https

Be First to Comment

By posting a comment, you consent to our collecting the information you enter. See privacy policy for more information.

This site uses Akismet to reduce spam. Learn how your comment data is processed.